Year 2000 Business Continuity Planning: Guidelines for Financial Institutions Introduction

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Year 2000 Business Continuity Planning: Guidelines for Financial Institutions Introduction"

Transcription

1 Year 2000 Business Continuity Planning: Guidelines for Financial Institutions Introduction The purpose of this paper is to help financial institutions, in particular their senior management, address business continuity planning in the context of the transition to the Year This issue should be at the top of the senior business decision-maker's agenda during It is important that firms understand the need to develop specific Year 2000 contingency plans as soon as possible and the reason why it is not possible to rely exclusively on existing plans for this purpose. Year 2000 continuity planning is about ensuring the continuous and efficient functioning of business activities during the transition to the new millennium, not about providing backup for computer systems. It should therefore be approached in a market and business context, not as a technical project, and should be treated as a top business priority by the boards and senior management of financial institutions. The focus should be on core business activities, that is, those on which the survival of the business depends. There are various critical stages in the transition to the Year These relate in the first instance to the different dates on which information systems might face date-related difficulties in the course of 1999 and They also relate to different deadlines which the firm might face for internal as well as external testing and for reacting to any unexpected problems that might occur at such times. Problems with the various external dependencies of the firm, including third-party suppliers, market infrastructures, counterparties, clients and public utilities, might occur at different times during the transition. Finally, the firm will have to carefully approach the century date change in its computer applications, for instance by freezing system changes at the end of 1999 and gradually introducing new applications during the course of Planning for the various possible Year 2000 eventualities and developing procedures for dealing with any contingencies will take time. This is why financial firms should start their Year 2000 continuity planning as soon as possible. To delay starting is to risk business interruption and may diminish the credibility of the business in the eyes of customers, counterparties and other third parties (including financial market regulators). Increasingly, as 1999 progresses, institutions should ensure that they are ready to provide factual information about the state and nature of their Year 2000 preparedness and continuity planning. Requests for information could originate, internally, from the different business units and, externally, from those parties to which the firm s business continuity is important. It will therefore be important for the firm to develop appropriate communication strategies, both internal and external. Part 1 of this paper explains in more detail why all financial institutions must develop Year 2000 business continuity plans and why work should start as soon as possible. It also describes the general approaches that should be adopted in developing and implementing plans, and the responsibilities of senior management. Part 2 provides more specific guidance on the main features of a business continuity project. Good practice on this topic will evolve as 1999 progresses and firms are actively encouraged to study how they can include existing and evolving best practices in their own approach. In this respect, cooperation with other financial market participants and with regulators will be useful. The Joint Year 2000 Council or its parent committees may publish further guidance if this seems appropriate. 1

2 1. The general approach to Year 2000 business continuity planning In order to develop an effective and workable approach to Year 2000 business continuity planning, senior management must understand the challenges involved in ensuring business continuity during the transition to 2000 and the need to start work in this respect as soon as possible. This part of the paper addresses these issues and explains the general approach to Year 2000 contingency planning. 1.1 The importance of Year 2000 business continuity planning Financial institutions throughout the world are actively addressing the Year 2000 problem. The focus has been on awareness, assessment, remediation, testing and implementation with a view to achieving business continuity so far as mission critical business activities are concerned. Many observers believe that financial sectors in many countries will achieve a high state of Year 2000 preparedness. However, because of the nature of the Year 2000 problem, no institution will be able to assume that it has removed all threats to business continuity. Even if an institution believes that it has reasonable grounds for a high degree of confidence in the effectiveness of its own Year 2000 programme, and in the Year 2000 programmes of others, it will remain possible for problems to occur in different areas. These include: the firm s own systems; the systems of an entity to which it has outsourced some of its operations; the systems of a financial infrastructure provider such as a clearing and settlement system or message carrier; and the systems of a major business dependency such as a correspondent, trading counterparty or large client. Moreover, the firm itself and all the relevant external parties are vulnerable to possible disruptions at public utilities such as telecommunications, electricity, water, sewage or transport operators. The nature and scale of Year 2000 challenges and programmes is such that there can be no certainty in advance that assessment, remediation, testing and implementation activity both within and outside the firm has been fully effective. 1 Although most problems are likely to be caused by operational failures, they will directly threaten business continuity. Thorough business continuity planning is therefore a matter of simple prudence and it must be an integral part of every institution s Year 2000 strategy. Most institutions have contingency plans, for example for computer breakdowns or fire or other physical disasters. These may be a valuable starting-point for Year 2000 continuity planning. However, conventional contingency plans will not be adequate to deal with Year 2000 problems. For example, backup computer systems are likely to replicate faults in the main hardware and software systems and may not be available if they are maintained at sites operated by a third party that could face Year 2000 difficulties. 2 Difficulties could also be encountered in different business areas at the same time, and initially small and localised problems could combine to create larger disturbances. Problems, one s own or those of others, might well be more difficult to diagnose and may take longer to put right. Particular solutions may not work if adopted and used simultaneously by a large number of institutions (e.g. simultaneous mass faxing if there is a problem with voice telephony). Most importantly, the behaviour and perception of external parties, including customers, trading counterparties and correspondents, may change individually or collectively (on the basis, for instance, of rumour or speculation). A further important factor is that although 1 January 2000 (like other sensitive dates in this context) is fixed, information for example about an institution, industry sector or region's preparedness is likely 1 2 See the Joint Year 2000 Council's paper "Scope and Impact of the Year 2000 problem". The capacity of backup sites provided by third parties might also prove insufficient if a large number of customers request support at the same time. 2

3 to emerge throughout the period before, during and after 1 January This will require the risks to be reassessed on an ongoing basis and the plans to be adapted accordingly. 1.2 The need to start Year 2000 continuity planning as soon as possible Given all that is involved, the start of continuity planning cannot be left until the end of Year 2000 preparatory work. At the same time, continuity planning must not be done in a way which prejudices the successful and timely completion of the other key elements of a Year 2000 programme. For the reasons given above, institutions must treat the Year 2000 as a potential problem without precedent. The issues that need to be addressed are many and wide-ranging. Institutions must carry out a specific Year 2000 risk assessment and will need to draw up new plans to address the risks they identify. They should, as far as possible, test those plans in advance. Developing and implementing a credible plan will therefore require significant resources and effective organisation. No doubt this will also take time, and work should therefore be started as soon as possible. To delay starting is to risk not having an adequate plan in time. All institutions should aim to have a business continuity project in place as early as possible, preferably by the end of the first quarter of The project should include a timetable which provides for a business continuity plan to be completed by September Throughout the process, institutions need to ensure that work is prioritised so that there is an appropriate focus both in terms of what is most critical to the business and in terms of timing (e.g. between pre and post-1 January 2000 issues). 1.3 The general approach to Year 2000 continuity planning For all institutions, addressing such an unprecedented problem will be very challenging. Many will have their own approach to contingency planning, which may well provide a sound methodology, and there are advantages in using familiar methods. However, what is essential is the full and active involvement of senior management and all business units in the process. Most institutions will look in the first instance to their own resources, for example within their Year 2000 programme 3 or their risk management teams, supported by internal audit, to address Year 2000 continuity planning. However, given the unprecedented characteristics of the problem, every institution should make itself open to outside information, advice and support in order to receive the full benefit of professional expertise and practical experience as well as, if necessary, the requisite resources. Particular caution should be exercised with regard to relying on resources employed in the Year 2000 programme for the development and implementation of a Year 2000 continuity project. One reason is that the Year 2000 programme will involve rigorous and continuous testing and careful implementation of remediated systems throughout Technical experts involved in the Year 2000 programme will also need to remain available during all the important phases in the transition to 2000 in order to deal with any unexpected difficulties that might arise. Part 2 of this paper contains more specific guidelines on the development and implementation of the business continuity project. These are based on a number of guides to Year 2000 contingency planning that are now available from, or are being prepared by, regulatory organisations or trade bodies (see Annex). Specialist consultancy and accounting firms have also developed guidelines for proper Year 2000 contingency planning. Moreover, some individual firms which have recognised at an early stage that the Year 2000 should not be treated as a competitive issue have been willing to share information on their own practice and 3 To avoid confusion in this document, the main Year 2000 project aimed at remediating and testing the systems is called the Year 2000 programme, while the project aimed at providing business continuity is called the Year 2000 business continuity project. 3

4 experience. Finally, in some cases national Year 2000 coordinators are providing guidance to companies. Most of these documents clearly state that Year 2000 business continuity is not a technical issue and should receive the attention of senior managers. Their involvement is required to ensure appropriate accountability and commitment, proper organisation and extensive coverage. It will be their responsibility to take decisions that relate to the core business strategies. With respect to accountability, senior management should sponsor the business continuity project and provide adequate resources to put in place an effective business continuity plan in good time. They must ensure the adequate participation of all major business units. They will have to approve the risk assumptions and analysis and endorse the plans for risk mitigation and management. As with the Year 2000 readiness programmes, the development of the business continuity project will require proper organisation. A timetable, with milestones, will need to be drawn up and adhered to, which will necessitate conferring the proper authority on the project group. Coordination with the main Year 2000 readiness programme as well as with the major business units will be a major challenge. A proper organisation team(zero day management) has to be put in place for the Year 2000 transition period. This team should be responsible for collecting and disseminating information inside and outside the institutions and should have decision-making capabilities. Ensuring extensive coverage of the Year 2000 continuity project will require executive attention. Adequate assumptions, scenarios and plans will need to be developed to cover the risks to which the firm is exposed before, during and after 1 January 2000, including operational, financial and reputational risks. This should take into account the vulnerabilities to the firm s own systems as well as to those of relevant external parties. 2. Guidelines on business continuity projects This part of the paper provides more specific guidance on the development and implementation of a business continuity project. Institutions should consider it in the context of their own particular circumstances, organisation and working methods. 2.1 Establish high-level commitment to a business continuity project The purpose of a business continuity project is to maximise the ability of the business to maintain a minimum level of outputs and services and the confidence of customers, counterparties and other key third parties in adverse circumstances. It should also help to identify alternatives to normal business processes and to prepare for a possible crisis. In the event of emergency measures being invoked, the business continuity project should facilitate the rapid resumption of normal service. The establishment of a business continuity project may be a matter of business survival. It requires the rigorous identification of the risks to what is critical for adequate business continuity as well as the development and implementation of strategies to reduce those risks (risk prevention) or to mitigate the impact of any problems that occur in practice (risk mitigation). As indicated in Part 1, the exposure to risk during the transition to the Year 2000 is likely to be greater than normal. Accordingly, it is prudent for institutions to assume that problems of some kind will occur and that those problems may well be unusual. Nevertheless, institutions should take existing business continuity plans into account and retain what remains appropriate in a Year 2000 context. An effective project will be a complex, business-critical and resource-intensive task. It is essential that boards and senior managements take direct responsibility for the establishment of a project with the objective of achieving an agreed business continuity plan and for the allocation of sufficient resources. Their input is essential, in particular with respect to the formulation of the strategic business priorities 4

5 that will need to be reflected in the plan. They must also lend the project the necessary support to ensure that its importance and priority are recognised by the business as a whole. Finally, they should monitor its execution, on the basis of regular reporting. The business continuity project should be given an identified project manager and a project team of a sufficient size and quality to ensure its timely completion. All relevant business areas also need to be involved in the project in order to ensure their commitment and contribution of expertise and knowledge. This is likely to encompass the major business units, disaster recovery specialists, systems and operations units, and legal counsel. The relationship of the project to the Year 2000 programme should be made clear. It should ensure the effective exchange of relevant information and coordination between the two projects. As explained in Part 1, the objectives and scope of the two projects are different and it is therefore advisable to establish them separately, with different project managers and staff. The business continuity project is likely to be most effective if it is sponsored by senior management. 2.2 Establish a project plan and timelines A first task of the project team should be to establish a project plan which identifies the scope of the project, allocates responsibilities for each project task and lays down timelines for each stream of work. This plan should be approved by the project team as a whole and endorsed by senior management. The timelines should be sufficiently detailed, with milestones, to enable progress on the plan to be regularly reviewed by both the team and senior management. The scope of the project plan, and the timelines, should be kept under review and adjusted as necessary, in the light of experience or new information. Any threats to the achievement in good time of an effective business continuity strategy should be identified and addressed as and when they arise. 2.3 Identify business critical systems and processes An essential objective of the business continuity project would be to identify what is critical to the continuity of business. This includes the key systems and processes which support the critical services and the internal and external dependencies which are crucial to the business. Much of this information should have been obtained in the context of the Year 2000 programme. However, the business continuity project should itself ensure that the risks to business continuity are addressed comprehensively. The project team should therefore review the analysis made in the main programme. The business continuity project and the Year 2000 programme should generally agree on what is considered to be business-critical so that the business as a whole operates on the basis of a consistent, agreed analysis. Any inconsistencies or disagreements should be resolved at senior level. 2.4 Establish a risk identification and assessment methodology To meet the primary purpose of an effective business continuity project it is essential to put in place a methodology for identifying the risks to business continuity and assessing their potential impact. That methodology must then be applied across the business as a whole. The methodology should be one which is practical, straightforward and readily understood by all those in the business who need to use it. It should also ensure comprehensive risk identification and assessment and be cost-effective. The identification of the business's key processes, systems and dependencies (both internal and external) should provide the starting-point for identifying the risks. The business continuity project should consider the risks attaching to the Year 2000 programme itself, such as the failure to complete the programme in time and inadequacies or errors in one of the programme elements (e.g. inventory or testing). In addition, the business continuity project must consider the risks arising from the overall environment in which the business operates. These risks are likely to fall into one of three broad categories: operational risks, credit and liquidity risks and reputational risks. 5

6 Operational risks could arise from failures in internal systems, problems with facilities such as lifts, air-conditioning, heating or backup power supplies, and disruptions in the services provided by utilities such as water, electricity and telecommunications. They could also result from disturbances in financial market infrastructure elements such as payment and settlement systems, exchanges, market information providers or message carriers. Special attention should also be paid to the fact that frauds may be attempted when operational difficulties are experienced and normal business functioning (and security) is impaired. Credit and liquidity risks are the typical financial risks to which financial institutions are exposed. Credit risk involves the possible financial loss as a result, for instance, of a counterparty default or the depreciation in value of the assets held by the institution. Liquidity risk arises when financial institutions face unexpected cash-flow positions and either have to fund cash-flow shortfalls at short notice and unfavourable terms or invest surplus funds under unattractive conditions. In the context of the Year 2000, such risks can arise in different ways when financial institutions cannot carry out their business as usual. Particular concerns relate to the ability of firms to trade and settle under normal conditions and markets to function smoothly and with the needed liquidity when uncertainty increases. Reputational risk can occur when a financial institution is seen to be poorly prepared to deal with operational or financial difficulties and when incidents occur that impair the institution's ability to operate normally and efficiently. This can result in the institution being negatively perceived by customers, counterparties or market participants. Given the degree of uncertainty about Year 2000 preparations, as well as the multiple interdependencies between financial market participants and their joint dependence on third-party service providers, it is likely that financial firms will face Year 2000 disruptions. There is therefore strong potential for the reputation of financial firms to be negatively affected by Year 2000 difficulties in the financial system (whether real or perceived). 4 Institutions need to be imaginative in identifying the possible risks. All parts of the business need to be involved to ensure that the process of risk identification results in a comprehensive list of perceived risks to business continuity. For each of the types of risk identified, a proper assessment must be made of the probability of the risk occurring and the impact on the business if it does occur. The impact assessment should make explicit assumptions about the expected duration of a problem, for example, one hour, one day or one week. The purpose of this assessment is to enable the business to identify those risks which are most likely to occur and whose impact could be significant. It would also allow the identification of those risks whose impact would be very high, even if the probability of occurrence is low. A simple methodology can be used, for instance classifying probability and impact (separately) on a high/medium/low basis. It is essential that the analysis involve those in the business who are best placed to make the assessment by virtue of their knowledge, experience or expertise. In particular, business managers, who are in the best position to identify, assess and address risks to business viability, should be directly involved. 2.5 Develop risk prevention and mitigation measures After carrying out making the risk assessment, judgements should be made as to which risks present sufficient threats to the business to require the development of strategies and actions to prevent them arising or to mitigate their impact if they do arise. These judgements should be the basis for prioritising work in the project. There may be various options for risk prevention and mitigation, including: 4 As indicated in the Council s policy paper on disclosure and information sharing (January 1999) this is one reason for financial firms to take voluntary action to publicly disclose information about their readiness programmes and contingency plans. 6

7 continuous review of results of tests on own systems (including those with embedded chips) and those of external parties; rigorous prior assessment and continuous review of readiness and contingency plans of key market infrastructure providers, customers, counterparties, public utilities and government agencies; reducing legal exposure, for instance by renegotiating contracts or revising documentation; developing an effective disclosure and communications strategy; working with other market participants, industry associations and market infrastructure providers to review best practices and, where appropriate, develop joint initiatives, for instance with respect to market practices; enhancing liquidity and access to liquidity; developing alternatives to normal business processes, for instance manual procedures or access to alternative types of trading procedure; disaster recovery plans in the event of problems with availability of buildings, staff, etc. Options should be chosen according to the likely seriousness of the expected disturbances and on the basis of their feasibility and the general business priorities. The overall objective should be to prepare to deal with contingencies without creating a false sense of security or an unnecessary degree of anxiety. Particular attention should be paid to internal and external communication strategies. 2.6 Zero day information management, communications and decision-taking A business must be organised and prepared in the run-up to, on and after 1 January 2000, the so-called zero day, to acquire and use information about itself, about third parties and about the general environment, including the infrastructure that may be relevant to business continuity. Information must be available at all times to allow rapid decisions to be made in response to developments in order to sustain business continuity. Finally, a firm must be able to communicate about its own status to regulators, business partners, customers and the media. For this purpose, the business should, well in advance, identify the information likely to be required by itself and by others, the sources of that information, the means of obtaining it and the persons to whom the information is to be made available. This is likely to have implications for communications arrangements, internal and external, and for the availability of personnel. The business should also, well in advance, determine the management arrangements for decisionmaking and the staff who will need to be involved in those arrangements. The facilities and support necessary to ensure that arrangements work efficiently should also be identified. A business may consider it necessary to establish one or more communications or command centres to facilitate the dissemination of information and the monitoring of developments. Appropriate channels for information flows should enhance internal consultation and decision-making. To be effective, all these arrangements should be tested in advance. 2.7 Process discipline All risk prevention and mitigation plans should be developed in accordance with strict process disciplines. This would require: precise documentation of each risk and of the related prevention or mitigation strategy; allocation of responsibility to an individual to develop and implement the strategy; and approval at the appropriate management level of the strategy and implementation plans. It is also essential that, so far as practicable, each plan be tested to identify gaps or problems and to verify its credibility. Where necessary, the plan should be modified in the light of the tests. Those who will have to implement the plan must receive appropriate guidance and training. 7

8 Throughout the period before, during and after 1 January 2000, the business must be constantly on the alert for new developments or information that may change the risk identification or assessment or the assumptions made. The business continuity plan should be adjusted as necessary. In particular, in the context of business continuity planning as in the main remediation programme, institutions must be alert to the implications of and risks attaching to changes made by the business to IT systems or programmes, or to business processes, outside Year 2000 projects. Institutions should seek to minimise such changes, particularly as 1 January 2000 approaches. 5 5 Refer to Council s press statement and quote private and public sector recommendation to change management 8

9 Annex Source Date Title Available from French financial sector (supervisory authorities and market participants) February 1999 Addendum to the White Book on the Year 2000 changeover - Business continuity after Global 2000 Coordinating Group January 1999 Year 2000 Business Risk Management Hong Kong Monetary Authority December 1998 Guidance Note on Year 2000 Contingency Planning by Authorised Institutions /guideline/ htm Bank of Japan November 1998 Guidance on Year 2000 Contingency Planning US General Accounting Office (GAO) August 1998 Year 2000 Computing Crisis: Business Continuity and Contingency Planning s/bcpguide.pdf British Bankers Association October 1998 Year 2000 Contingency Planning Guide (BBA) Federal Financial Institutions Examination Council (FFIEC) 13 May 1998 Guidance concerning Contingency Planning in connection with Year 2000 Readiness 9

Vendor Management. Outsourcing Technology Services

Vendor Management. Outsourcing Technology Services Vendor Management Outsourcing Technology Services Objectives Board and Senior Management Responsibilities Risk Management Program Risk Assessment Service Provider Selection Contracts Ongoing Monitoring

More information

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT JANUARY 2008 GUIDELINE ON BUSINESS CONTINUITY GUIDELINE CBK/PG/14

More information

Advisory Guidelines of the Financial Supervisory Authority. Requirements regarding the arrangement of operational risk management

Advisory Guidelines of the Financial Supervisory Authority. Requirements regarding the arrangement of operational risk management Advisory Guidelines of the Financial Supervisory Authority Requirements regarding the arrangement of operational risk management These Advisory Guidelines have established by resolution no. 63 of the Management

More information

Principles for BCM requirements for the Dutch financial sector and its providers.

Principles for BCM requirements for the Dutch financial sector and its providers. Principles for BCM requirements for the Dutch financial sector and its providers. Platform Business Continuity Vitale Infrastructuur Financiële sector (BC VIF) Werkgroep BCM requirements 21 September 2011

More information

Consider the cash demands of a financial institution's customers; Anticipate funding needs in late 1999 and early 2000;

Consider the cash demands of a financial institution's customers; Anticipate funding needs in late 1999 and early 2000; AL 98-18 Subject: Year 2000 Q&A Guidance Date: December 10, 1998 TO: hief Executive Officers of National Banks, Federal Branches, Service Providers, Software Vendors, Department and Division Heads, and

More information

Federal Financial Institutions Examination Council FFIEC. Business Continuity Planning BCP MARCH 2003 MARCH 2008 IT EXAMINATION

Federal Financial Institutions Examination Council FFIEC. Business Continuity Planning BCP MARCH 2003 MARCH 2008 IT EXAMINATION Federal Financial Institutions Examination Council FFIEC Business Continuity Planning MARCH 2003 MARCH 2008 BCP IT EXAMINATION H ANDBOOK TABLE OF CONTENTS INTRODUCTION... 1 BOARD AND SENIOR MANAGEMENT

More information

Operational Risk Management Policy

Operational Risk Management Policy Operational Risk Management Policy Operational Risk Definition A bank, including a development bank, is influenced by the developments of the external environment in which it is called to operate, as well

More information

GUIDELINES FOR BUSINESS CONTINUITY IN WHOLESALE MARKETS AND SUPPORT SYSTEMS MARKET SUPERVISION OFFICE. October 2004

GUIDELINES FOR BUSINESS CONTINUITY IN WHOLESALE MARKETS AND SUPPORT SYSTEMS MARKET SUPERVISION OFFICE. October 2004 GUIDELINES FOR BUSINESS CONTINUITY IN WHOLESALE MARKETS AND SUPPORT SYSTEMS MARKET SUPERVISION OFFICE October 2004 1 1. Introduction Guaranteeing the efficiency and correct operation of money and financial

More information

Business Continuity Business Continuity Management Policy

Business Continuity Business Continuity Management Policy Business Continuity Business Continuity Management Policy : Date of Issue: 28 January 2009 Version no: 1.1 Review Date: January 2010 Document Owner: Patricia Hughes Document Authoriser: Tony Curtis 1 Version

More information

INSURANCE ACT 2008 CORPORATE GOVERNANCE CODE OF PRACTICE FOR REGULATED INSURANCE ENTITIES

INSURANCE ACT 2008 CORPORATE GOVERNANCE CODE OF PRACTICE FOR REGULATED INSURANCE ENTITIES SD 0880/10 INSURANCE ACT 2008 CORPORATE GOVERNANCE CODE OF PRACTICE FOR REGULATED INSURANCE ENTITIES Laid before Tynwald 16 November 2010 Coming into operation 1 October 2010 The Supervisor, after consulting

More information

Risk Management of Outsourced Technology Services. November 28, 2000

Risk Management of Outsourced Technology Services. November 28, 2000 Risk Management of Outsourced Technology Services November 28, 2000 Purpose and Background This statement focuses on the risk management process of identifying, measuring, monitoring, and controlling the

More information

Statement of Guidance

Statement of Guidance Statement of Guidance Foreign Exchange Risk Management 1. Statement of Objectives To provide a standard of best practice to banks for the implementation of an effective and sound Foreign Exchange Risk

More information

ISSUES PAPER PAYMENT SYSTEMS BUSINESS CONTINUITY

ISSUES PAPER PAYMENT SYSTEMS BUSINESS CONTINUITY ISSUES PAPER PAYMENT SYSTEMS BUSINESS CONTINUITY 10 May 2005 ISSUES PAPER PAYMENT SYSTEMS BUSINESS CONTINUITY TABLE OF CONTENTS Executive Summary 3 Introduction 4 Evolution of Core Principle VII 4 1. Formulation

More information

Federal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning FEBRUARY 2015 IT EXAMINATION H ANDBOOK

Federal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning FEBRUARY 2015 IT EXAMINATION H ANDBOOK Federal Financial Institutions Examination Council FFIEC Business Continuity Planning BCP FEBRUARY 2015 IT EXAMINATION H ANDBOOK Table of Contents Introduction 1 Board and Senior Management Responsibilities

More information

Committee on Payments and Market Infrastructures. Board of the International Organization of Securities Commissions

Committee on Payments and Market Infrastructures. Board of the International Organization of Securities Commissions Committee on Payments and Market Infrastructures Board of the International Organization of Securities Commissions Principles for financial market infrastructures: Assessment methodology for the oversight

More information

: Chief Executive Officers of all Licensed Commercial Banks, Primary Dealers, Central Depository Systems (Pvt) Ltd. and LankaClear (Pvt.) Ltd.

: Chief Executive Officers of all Licensed Commercial Banks, Primary Dealers, Central Depository Systems (Pvt) Ltd. and LankaClear (Pvt.) Ltd. March 29, 2006 BCP Guidelines No: 01/2006 To : Chief Executive Officers of all Licensed Commercial Banks, Primary Dealers, Central Depository Systems (Pvt) Ltd. and LankaClear (Pvt.) Ltd. Introduction

More information

GUIDANCE NOTE FOR DEPOSIT-TAKERS. Operational Risk Management. March 2012

GUIDANCE NOTE FOR DEPOSIT-TAKERS. Operational Risk Management. March 2012 GUIDANCE NOTE FOR DEPOSIT-TAKERS Operational Risk Management March 2012 Version 1.0 Contents Page No 1 Introduction 2 2 Overview 3 Operational risk - fundamental principles and governance 3 Fundamental

More information

Risk Management Systems of the Resona Group

Risk Management Systems of the Resona Group Systems of the Resona Group RESONA HOLDINGS, INC. Systems of the Resona Group 24 Systems Basic Approach to The trends toward financial liberalization, globalization, and securitization, along with progress

More information

The PNC Financial Services Group, Inc. Business Continuity Program

The PNC Financial Services Group, Inc. Business Continuity Program The PNC Financial Services Group, Inc. Business Continuity Program subsidiaries) 1 Content Overview A. Introduction Page 3 B. Governance Model Page 4 C. Program Components Page 4 Business Impact Analysis

More information

Advisory Guidelines of the Financial Supervision Authority. Requirements for Organising the Business Continuity Process of Supervised Entities

Advisory Guidelines of the Financial Supervision Authority. Requirements for Organising the Business Continuity Process of Supervised Entities Advisory Guidelines of the Financial Supervision Authority Requirements for Organising the Business Continuity Process of Supervised Entities These advisory guidelines were established by Resolution No

More information

THE DOMESTIC SURVEY AND THE CONSEQUENT RECOMMENDATIONS

THE DOMESTIC SURVEY AND THE CONSEQUENT RECOMMENDATIONS OVERSIGHT RECOMMENDATIONS ON BUSINESS CONTINUITY BACKGROUND OF THE DOMESTIC SURVEY Unexpected incidents worldwide have focused the attention of the financial sector, including the participants of the domestic

More information

OCC 98-3 OCC BULLETIN

OCC 98-3 OCC BULLETIN To: Chief Executive Officers and Chief Information Officers of all National Banks, General Managers of Federal Branches and Agencies, Deputy Comptrollers, Department and Division Heads, and Examining Personnel

More information

PBSi Business Continuity Planning

PBSi Business Continuity Planning Business Continuity Planning Definition Business Continuity planning is a planning process designed to reduce the risk that disruptive failures or events could seriously harm your business. It is designed

More information

ISO27001 Controls and Objectives

ISO27001 Controls and Objectives Introduction This reference document for the University of Birmingham lists the control objectives, specific controls and background information, as given in Annex A to ISO/IEC 27001:2005. As such, the

More information

Business Continuity Plan

Business Continuity Plan Business Continuity Plan October 2007 Agenda Business continuity plan definition Evolution of the business continuity plan Business continuity plan life cycle FFIEC & Business continuity plan Questions

More information

Business Continuity and Disaster Recovery Planning

Business Continuity and Disaster Recovery Planning Business Continuity and Disaster Recovery Planning Jennifer Brandt, CISA A p r i l 16, 2015 HISTORY OF STINNETT & ASSOCIATES Stinnett & Associates (Stinnett) is a professional advisory firm offering services

More information

Consultative report. Committee on Payment and Settlement Systems. Board of the International Organization of Securities Commissions

Consultative report. Committee on Payment and Settlement Systems. Board of the International Organization of Securities Commissions Committee on Payment and Settlement Systems Board of the International Organization of Securities Commissions Consultative report Principles for financial market infrastructures: Assessment methodology

More information

Insurance Guidance Note No. 14 System of Governance - Insurance Transition to Governance Requirements established under the Solvency II Directive

Insurance Guidance Note No. 14 System of Governance - Insurance Transition to Governance Requirements established under the Solvency II Directive Insurance Guidance Note No. 14 Transition to Governance Requirements established under the Solvency II Directive Date of Paper : 31 December 2013 Version Number : V1.00 Table of Contents General governance

More information

Monetary Authority of Singapore BUSINESS CONTINUITY MANAGEMENT GUIDELINES

Monetary Authority of Singapore BUSINESS CONTINUITY MANAGEMENT GUIDELINES Monetary Authority of Singapore BUSINESS CONTINUITY MANAGEMENT GUIDELINES June 2003 TABLE OF CONTENTS 1.0 INTRODUCTION... 1 1.1 READINESS IS YOUR ONLY PROTECTION... 1 1.2 APPLICATION OF THE GUIDELINES...

More information

Decision on recovery plans of credit institutions. Subject matter Article 1

Decision on recovery plans of credit institutions. Subject matter Article 1 Pursuant to Article 101, paragraph (2), item (8) and Article 154, paragraph (2) of the Credit Institutions Act (Official Gazette 159/2013) and Article 43, paragraph (2), item (9) of the Act on the Croatian

More information

RISK MANAGEMENT AND COMPLIANCE

RISK MANAGEMENT AND COMPLIANCE RISK MANAGEMENT AND COMPLIANCE Contents 1. Risk management system... 2 1.1 Legislation... 2 1.2 Guidance... 3 1.3 Risk management policy... 4 1.4 Risk management process... 4 1.5 Risk register... 8 1.6

More information

BUSINESS CONTINUITY MANAGEMENT GUIDELINE

BUSINESS CONTINUITY MANAGEMENT GUIDELINE BUSINESS CONTINUITY MANAGEMENT GUIDELINE April 2010 Table of Contents Preamble...3 Introduction...4 Scope...5 Coming into effect and updating...6 1. Continuity and resumption of business...7 2. Sound and

More information

TO CREDIT UNIONS DATE: June 10, 1998

TO CREDIT UNIONS DATE: June 10, 1998 NATIONAL CREDIT UNION ADMINISTRATION NATIONAL CREDIT UNION SHARE INSURANCE FUND LETTER LETTER NO.: 98-CU-12 TO CREDIT UNIONS DATE: June 10, 1998 SUBJECT: Business Resumption Contingency Planning Letter

More information

Prudential Practice Guide

Prudential Practice Guide Prudential Practice Guide LPG 232 Business Continuity Management March 2007 www.apra.gov.au Australian Prudential Regulation Authority Disclaimer and copyright This prudential practice guide is not legal

More information

The PNC Financial Services Group, Inc. Business Continuity Program

The PNC Financial Services Group, Inc. Business Continuity Program The PNC Financial Services Group, Inc. Business Continuity Program 1 Content Overview A. Introduction Page 3 B. Governance Model Page 4 C. Program Components Page 4 Business Impact Analysis (BIA) Page

More information

SUPERVISORY AND REGULATORY GUIDELINES: PU19-0406 BUSINESS CONTINUITY GUIDELINES

SUPERVISORY AND REGULATORY GUIDELINES: PU19-0406 BUSINESS CONTINUITY GUIDELINES SUPERVISORY AND REGULATORY GUIDELINES: PU19-0406 Business Continuity Issued: 1 st May, 2007 Revised: 14 th October 2008 BUSINESS CONTINUITY GUIDELINES I. INTRODUCTION The Central Bank of The Bahamas (

More information

Polish Financial Supervision Authority. Guidelines

Polish Financial Supervision Authority. Guidelines Polish Financial Supervision Authority Guidelines on the Management of Information Technology and ICT Environment Security for Insurance and Reinsurance Undertakings Warsaw, 16 December 2014 Table of Contents

More information

Capital Adequacy: Advanced Measurement Approaches to Operational Risk

Capital Adequacy: Advanced Measurement Approaches to Operational Risk Prudential Standard APS 115 Capital Adequacy: Advanced Measurement Approaches to Operational Risk Objective and key requirements of this Prudential Standard This Prudential Standard sets out the requirements

More information

Central Bank of Ireland Guidelines on Preparing for Solvency II System of Governance

Central Bank of Ireland Guidelines on Preparing for Solvency II System of Governance 2013 Central Bank of Ireland Guidelines on Preparing for Solvency II System of Governance Contents 1 Context... 1 2 General... 2 3 Guidelines on the System of Governance... 3 3.1 Section I General Provisions...

More information

IT Disaster Recovery Plan Template

IT Disaster Recovery Plan Template HOPONE INTERNET CORP IT Disaster Recovery Plan Template Compliments of: Tim Sexton 1/1/2015 An information technology (IT) disaster recovery (DR) plan provides a structured approach for responding to unplanned

More information

GAO. Year 2000 Computing Crisis: Business Continuity and Contingency Planning

GAO. Year 2000 Computing Crisis: Business Continuity and Contingency Planning GAO United States General Accounting Office Accounting and Information Management Division August 1998 Year 2000 Computing Crisis: Business Continuity and Contingency Planning GAO/AIMD-10.1.19 Preface

More information

EMERGENCY PREPAREDNESS POLICY

EMERGENCY PREPAREDNESS POLICY EMERGENCY PREPAREDNESS POLICY CONTROLLED DOCUMENT CATEGORY: CLASSIFICATION: Policy Emergency Planning PURPOSE This document sets out the strategic framework for the management of emergency preparedness

More information

TO: Chief Executive Officers of National Banks, Federal Branches and Data-Processing Centers, Department and Division Heads, and Examining Personnel

TO: Chief Executive Officers of National Banks, Federal Branches and Data-Processing Centers, Department and Division Heads, and Examining Personnel AL 2000 12 O OCC ADVISORY LETTER Comptroller of the Currency Administrator of National Banks Subject: Risk Management of Outsourcing Technology Services TO: Chief Executive Officers of National Banks,

More information

Internal Control Systems and Maintenance of Accounting and Other Records for Interactive Gaming & Interactive Wagering Corporations (IGIWC)

Internal Control Systems and Maintenance of Accounting and Other Records for Interactive Gaming & Interactive Wagering Corporations (IGIWC) Internal Control Systems and Maintenance of Accounting and Other Records for Interactive Gaming & Interactive Wagering Corporations (IGIWC) 1 Introduction 1.1 Section 316 (4) of the International Business

More information

Business continuity management (BCM) for insurance companies in Switzerland minimum standards and recommendations

Business continuity management (BCM) for insurance companies in Switzerland minimum standards and recommendations Business continuity management (BCM) for insurance companies in Switzerland minimum standards and recommendations June 2015 2 Publication details Recipients: All insurance companies supervised by Finma

More information

BUSINESS CONTINUITY MANAGEMENT IN THE PUBLIC SECTOR A ROUGH GUIDE

BUSINESS CONTINUITY MANAGEMENT IN THE PUBLIC SECTOR A ROUGH GUIDE BUSINESS CONTINUITY MANAGEMENT IN THE PUBLIC SECTOR A ROUGH GUIDE Introduction 1. Recently many organisations both public and private have directed much more time, money and effort towards protecting service

More information

INFORMATION TECHNOLOGY SECURITY STANDARDS

INFORMATION TECHNOLOGY SECURITY STANDARDS INFORMATION TECHNOLOGY SECURITY STANDARDS Version 2.0 December 2013 Table of Contents 1 OVERVIEW 3 2 SCOPE 4 3 STRUCTURE 5 4 ASSET MANAGEMENT 6 5 HUMAN RESOURCES SECURITY 7 6 PHYSICAL AND ENVIRONMENTAL

More information

(Mr. Krirk Vanikkul) Assistant Governor, Financial Institutions Policy Group Governor For

(Mr. Krirk Vanikkul) Assistant Governor, Financial Institutions Policy Group Governor For Unofficial Translation by the courtesy of The Foreign Banks' Association This translation is for the convenience of those unfamiliar with the Thai language. Please refer to the Thai text for the official

More information

GUIDANCE FOR MANAGING THIRD-PARTY RISK

GUIDANCE FOR MANAGING THIRD-PARTY RISK GUIDANCE FOR MANAGING THIRD-PARTY RISK Introduction An institution s board of directors and senior management are ultimately responsible for managing activities conducted through third-party relationships,

More information

Introduction UNDERSTANDING BUSINESS CONTINUITY MANAGEMENT

Introduction UNDERSTANDING BUSINESS CONTINUITY MANAGEMENT INFORMATION SECURITY: UNDERSTANDING BUSINESS CONTINUITY MANAGEMENT FACTSHEET This factsheet will introduce you to Business Continuity Management (BCM), which is a process developed to counteract systems

More information

Offsite Disaster Recovery Plan

Offsite Disaster Recovery Plan 1 Offsite Disaster Recovery Plan Offsite Disaster Recovery Plan Presented By: Natan Verkhovsky President Disty Portal Inc. 2 Offsite Disaster Recovery Plan Introduction This document is a comprehensive

More information

Business continuity strategy

Business continuity strategy Business continuity strategy 2009 2012 Table of contents 1 Why this strategy is needed 3 2 Aim of the strategy 4 3 Our approach to business continuity 4 PROCESS 4 STRUCTURE 5 DOCUMENTATION 6 DISRUPTION

More information

GUIDELINES FOR THE MANAGEMENT OF OPERATIONAL RISK

GUIDELINES FOR THE MANAGEMENT OF OPERATIONAL RISK SUPERVISORY AND REGULATORY GUIDELINES: PU-0412 Operational Risk 25 th November, 2013 GUIDELINES FOR THE MANAGEMENT OF OPERATIONAL RISK 1. INTRODUCTION 1.1. The Central Bank of The Bahamas ( the Central

More information

<Client Name> IT Disaster Recovery Plan Template. By Paul Kirvan, CISA, CISSP, FBCI, CBCP

<Client Name> IT Disaster Recovery Plan Template. By Paul Kirvan, CISA, CISSP, FBCI, CBCP IT Disaster Recovery Plan Template By Paul Kirvan, CISA, CISSP, FBCI, CBCP Revision History REVISION DATE NAME DESCRIPTION Original 1.0 2 Table of Contents Information Technology Statement

More information

Sound Practices for the Management of Operational Risk

Sound Practices for the Management of Operational Risk 1 Sound Practices for the Management of Operational Risk Authority 1.1 Section 316 (4) of the International Business Corporations Act (IBC Act) requires the Commission to take any necessary action required

More information

Supervisory Policy Manual

Supervisory Policy Manual This module should be read in conjunction with the Introduction and with the Glossary, which contains an explanation of abbreviations and other terms used in this Manual. If reading on-line, click on blue

More information

Business Continuity Management Governance. Frank Higgins Abu Dhabi March 2015

Business Continuity Management Governance. Frank Higgins Abu Dhabi March 2015 Business Continuity Management Governance Frank Higgins Abu Dhabi March 2015 Different Names Same Concept BCM (Business Continuity Management) BSI 25999 IPOCM (Incident Preparedness & Operational Continuity

More information

Business Continuity Planning and Disaster Recovery Planning

Business Continuity Planning and Disaster Recovery Planning 4 Business Continuity Planning and Disaster Recovery Planning Basic Concepts 1. Business Continuity Management: Business Continuity means maintaining the uninterrupted availability of all key business

More information

GUIDELINES FOR ELECTRONIC BANKING

GUIDELINES FOR ELECTRONIC BANKING SUPERVISORY AND REGULATORY GUIDELINES: PU23-0506 6 th June, 2006 GUIDELINES FOR ELECTRONIC BANKING I. INTRODUCTION The Central Bank of The Bahamas ( the Central Bank ) is responsible for the licensing,

More information

Report on Internal Control

Report on Internal Control Annex to letter from the General Secretary of the Autorité de contrôle prudentiel to the Director General of the French Association of Credit Institutions and Investment Firms Report on Internal Control

More information

Statement of Guidance

Statement of Guidance Statement of Guidance Business Continuity Management All Licensees 1. Statement of Objectives 1.1. To enhance the resilience of the financial sector and to minimise the potential impact of a major operational

More information

RISK MANAGEMENT FRAMEWORK. 2 RESPONSIBLE PERSON: Sarah Price, Chief Officer

RISK MANAGEMENT FRAMEWORK. 2 RESPONSIBLE PERSON: Sarah Price, Chief Officer RISK MANAGEMENT FRAMEWORK 1 SUMMARY The Risk Management Framework consists of the following: Risk Management policy Risk Management strategy Risk Management accountability Risk Management framework structure.

More information

Guidance on Risk Management, Internal Control and Related Financial and Business Reporting

Guidance on Risk Management, Internal Control and Related Financial and Business Reporting Guidance Corporate Governance Financial Reporting Council September 2014 Guidance on Risk Management, Internal Control and Related Financial and Business Reporting The FRC is responsible for promoting

More information

Prudential Practice Guide

Prudential Practice Guide Prudential Practice Guide SPG 232 Business Continuity Management July 2013 www.apra.gov.au Australian Prudential Regulation Authority Disclaimer and copyright This prudential practice guide is not legal

More information

Solvency II Detailed guidance notes

Solvency II Detailed guidance notes Solvency II Detailed guidance notes March 2010 Section 1 - System of governance Section 1: System of Governance Overview This section outlines the Solvency II requirements for an effective system of governance,

More information

CONTINUITY OF OPERATIONS AUDIT PROGRAM EVALUATION AND AUDIT

CONTINUITY OF OPERATIONS AUDIT PROGRAM EVALUATION AND AUDIT CONTINUITY OF OPERATIONS AUDIT PROGRAM EVALUATION AND AUDIT April 16, 2014 INTRODUCTION Purpose The purpose of the audit is to give assurance that the development of the Metropolitan Council s Continuity

More information

BUSINESS CONTINUITY FRAMEWORK

BUSINESS CONTINUITY FRAMEWORK BUSINESS CONTINUITY FRAMEWORK DOCUMENT INFORMATION DOCUMENT TYPE: DOCUMENT STATUS: POLICY OWNER POSITION: INTERNAL COMMITTEE ENDORSEMENT: APPROVED BY: Strategic document Approved Manager Organisational

More information

Guidelines 1 on Information Technology Security

Guidelines 1 on Information Technology Security Guidelines 1 on Information Technology Security Introduction The State Bank of Pakistan recognizes that financial industry is built around the sanctity of the financial transactions. Owing to the critical

More information

Business Continuity. Is your Business Prepared for the worse? What is Business Continuity? Why use a Business Continuity Plan?

Business Continuity. Is your Business Prepared for the worse? What is Business Continuity? Why use a Business Continuity Plan? Business Continuity Is your Business Prepared for the worse? Major emergencies can develop suddenly without warning. Situations can threaten and disrupt your business and impact upon you and your staff.

More information

PROJECT MANAGEMENT FRAMEWORK

PROJECT MANAGEMENT FRAMEWORK PROJECT MANAGEMENT FRAMEWORK DOCUMENT INFORMATION DOCUMENT TYPE: DOCUMENT STATUS: POLICY OWNER POSITION: INTERNAL COMMITTEE ENDORSEMENT: APPROVED BY: Strategic document Approved Executive Assistant to

More information

Guidelines for Financial Institutions Outsourcing of Business Activities, Functions, and Processes Date: July 2004

Guidelines for Financial Institutions Outsourcing of Business Activities, Functions, and Processes Date: July 2004 Guidelines for Financial Institutions Outsourcing of Business Activities, Functions, and Processes Date: July 2004 1. INTRODUCTION Financial institutions outsource business activities, functions and processes

More information

November 2007 Recommendations for Business Continuity Management (BCM)

November 2007 Recommendations for Business Continuity Management (BCM) November 2007 Recommendations for Business Continuity Management (BCM) Recommendations for Business Continuity Management (BCM) Contents 1. Background and objectives...2 2. Link with the BCP Swiss Financial

More information

Risk Management Guidelines

Risk Management Guidelines Business Continuity Management Understanding Risk We live in an unpredictable world. No matter how effectively a business protects itself through insurance, there are some risks that cannot be anticipated,

More information

Risk Management Policy

Risk Management Policy Risk Management Policy Effective from 4 July 2015 Version Number: 2.1 Author: Director of Planning Planning Directorate Document Control Information Status and reason for development Revised updating the

More information

GUIDELINES ON RISK MANAGEMENT AND INTERNAL CONTROLS FOR INSURANCE AND REINSURANCE COMPANIES

GUIDELINES ON RISK MANAGEMENT AND INTERNAL CONTROLS FOR INSURANCE AND REINSURANCE COMPANIES 20 th February, 2013 To Insurance Companies Reinsurance Companies GUIDELINES ON RISK MANAGEMENT AND INTERNAL CONTROLS FOR INSURANCE AND REINSURANCE COMPANIES These guidelines on Risk Management and Internal

More information

Risk Management Programme Guidelines

Risk Management Programme Guidelines Risk Management Programme Guidelines Submissions are invited on these draft Reserve Bank risk management programme guidelines for non-bank deposit takers. Submissions should be made by 29 June 2009 and

More information

Risk Management Programme Guidelines

Risk Management Programme Guidelines Risk Management Programme Guidelines Prudential Supervision Department Non-bank deposit takers Issued: July 2009 2 CONTENTS Part 1 Introduction... 3 1. Purpose of this document... 3 2. Meaning of risk...

More information

INTERNATIONAL ASSOCIATION OF INSURANCE SUPERVISORS

INTERNATIONAL ASSOCIATION OF INSURANCE SUPERVISORS Issues Paper INTERNATIONAL ASSOCIATION OF INSURANCE SUPERVISORS RISKS TO INSURERS POSED BY ELECTRONIC COMMERCE OCTOBER 2002 Risks to Insurers posed by Electronic Commerce The expansion of electronic commerce,

More information

Disaster Recovery and Business Continuity Plan

Disaster Recovery and Business Continuity Plan Disaster Recovery and Business Continuity Plan Table of Contents 1. Introduction... 3 2. Objectives... 3 3. Risks... 3 4. Steps of Disaster Recovery Plan formulation... 3 5. Audit Procedure.... 5 Appendix

More information

Corporate Risk Management Policy

Corporate Risk Management Policy Corporate Risk Management Policy Managing the Risk and Realising the Opportunity www.reading.gov.uk Risk Management is Good Management Page 1 of 19 Contents 1. Our Risk Management Vision 3 2. Introduction

More information

RS Official Gazette, No 23/2013 and 113/2013

RS Official Gazette, No 23/2013 and 113/2013 RS Official Gazette, No 23/2013 and 113/2013 Pursuant to Article 15, paragraph 1 and Article 63, paragraph 2 of the Law on the National Bank of Serbia (RS Official Gazette, Nos 72/2003, 55/2004, 85/2005

More information

Electronic Trading Information Template

Electronic Trading Information Template Electronic Trading Information Template Preface This Electronic Trading Information Template (the "Template") has been created through the collaborative efforts of the professional associations listed

More information

Coping with a major business disruption. Some practical advice

Coping with a major business disruption. Some practical advice Coping with a major business disruption Some practical advice Coping with a major business disruption What is business continuity? Business continuity planning (BCP) is a management process that helps

More information

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA 1 Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand

More information

Policy guidance on the Bank of Canada s risk-management standards for designated financial market infrastructures

Policy guidance on the Bank of Canada s risk-management standards for designated financial market infrastructures Policy guidance on the Bank of Canada s risk-management standards for designated financial market infrastructures Standard 24: Recovery Plans This guidance was prepared by the Bank of Canada (the Bank)

More information

Quick Guide: Managing ICT Risk for Business

Quick Guide: Managing ICT Risk for Business Quick Guide: Managing ICT Risk for Business This Quick Guide is one of a series of information products aimed at helping small to medium sized enterprises identify and manage risks when assessing, buying

More information

CISM Certified Information Security Manager

CISM Certified Information Security Manager CISM Certified Information Security Manager Firebrand Custom Designed Courseware Chapter 4 Information Security Incident Management Exam Relevance Ensure that the CISM candidate Establish an effective

More information

BUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS

BUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS BUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS DIRECTORATE OF BANKING SUPERVISION AUGUST 2009 TABLE OF CONTENTS PAGE 1.0 INTRODUCTION..3 1.1 Background...3 1.2 Citation...3

More information

FINANCIAL REPORTING COUNCIL AN UPDATE FOR DIRECTORS OF LISTED COMPANIES: GOING CONCERN AND LIQUIDITY RISK

FINANCIAL REPORTING COUNCIL AN UPDATE FOR DIRECTORS OF LISTED COMPANIES: GOING CONCERN AND LIQUIDITY RISK FINANCIAL REPORTING COUNCIL AN UPDATE FOR DIRECTORS OF LISTED COMPANIES: GOING CONCERN AND LIQUIDITY RISK NOVEMBER 2008 Contents Page One Introduction 1 Two Accounting requirements with respect to going

More information

Business Continuity Planning 101. +1 610 768-4120 (800) 634-2016 www.strohlsystems.com info@strohlsystems.com

Business Continuity Planning 101. +1 610 768-4120 (800) 634-2016 www.strohlsystems.com info@strohlsystems.com Business Continuity Planning 101 Presentation Overview What is business continuity planning Plan Development Plan Testing Plan Maintenance Future advancements in BCP Question & Answer What is a Disaster?

More information

TO CREDIT UNIONS DATE:, May 12, 1998

TO CREDIT UNIONS DATE:, May 12, 1998 NATIONAL CREDIT UNION ADMINISTRATION NATIONAL CREDIT UNION SHARE INSURANCE FUND LETTER LETTER NO.: 98-CU-10 TO CREDIT UNIONS DATE:, May 12, 1998 TO: SUBJECT: FEDERALLY INSURED CREDIT UNIONS Testing for

More information

Business Continuity (Policy & Procedure)

Business Continuity (Policy & Procedure) Business Continuity (Policy & Procedure) Publication Scheme Y/N Can be published on Force Website Department of Origin Force Operations Policy Holder Ch Supt Head of Force Ops Author Business Continuity

More information

How to write a DISASTER RECOVERY PLAN. To print to A4, print at 75%.

How to write a DISASTER RECOVERY PLAN. To print to A4, print at 75%. How to write a DISASTER RECOVERY PLAN To print to A4, print at 75%. TABLE OF CONTENTS SUMMARY SUMMARY WHAT IS A DRP AND HOW CAN IT HELP MY COMPANY? CHAPTER PREPARING TO WRITE YOUR DISASTER RECOVERY PLAN

More information

August 2013 Recommendations for Business Continuity Management (BCM)

August 2013 Recommendations for Business Continuity Management (BCM) August 2013 Recommendations for Business Continuity Management (BCM) 1 Background and objectives... 2 2 Principles... 3 3 Scope of application and threats... 4 4 Recommendations... 6 4.1 Definition and

More information

Risk Management & Business Continuity Manual 2011-2014

Risk Management & Business Continuity Manual 2011-2014 ANNEX C Risk Management & Business Continuity Manual 2011-2014 Produced by the Risk Produced and by the Business Risk and Business Continuity Continuity Team Team February 2011 April 2011 Draft V.10 Page

More information

NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00)

NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00) NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00) Subject and version number of document: Serial Number: Business Continuity Management Policy

More information

Business Continuity Management. Policy Statement and Strategy

Business Continuity Management. Policy Statement and Strategy Business Continuity Management Policy Statement and Strategy November 2011 Title Business Continuity Management Policy & Strategy Date of Publication: Cabinet Council Published by Borough Council of King

More information

Merrycon s Approach to Business Continuity Management

Merrycon s Approach to Business Continuity Management Merrycon s Approach to Business Continuity Management Business Continuity is a management discipline that provides a framework for an organisation to build resilience, providing the capability for an effective

More information

Risks and uncertainties

Risks and uncertainties Risks and uncertainties Our risk management approach We have a well-established risk management methodology which we use throughout the business to allow us to identify and manage the principal risks that

More information

Guidance Note XGN XXX.1

Guidance Note XGN XXX.1 Guidance Note XGN XXX.1 Risk Assessment and Business Continuity Planning 1. This Guidance Note provides further detail on matters institutions should consider in assessing disruption scenarios and certain

More information